22 Feb 2006, Tom Sanders in California, V3
Anti-virus vendor Sophos has released an update of the Inqtana-B virus identity file for its Sophos Anti-Virus for OS X software due to false positives.
The company initially released an antidote that incorrectly flagged various files in Microsoft Office 2004 and in Adobe Acrobat Reader as being infected with the OS X worm. Users in some cases reported that the anti-virus software claimed over 1,000 infections.
The false positives have a great impact on users, as the anti-virus program will block access or delete all "infected" files, depending on the software's configurations. This effectively renders the systems useless.
Sophos did not mention the error on its website as of press time and could not be reached for comment after hours. The SANS Internet Storm Center unveiled the release of the updated virus identity file.
The Inqtana-B worm is a variant of the Inqtana worm that was first detected last Friday. The online pest is a proof-of-concept worm that uses Bluetooth to propagate, but is designed in such a way that it cannot cause any actual harm and will not spread.
The Sophos incident has given fuel to critics who all along have claimed that the noise around the detection of the first Mac OS X viruses last week was orchestrated by security vendors who are seeking to grow their revenues.
"First they 'find' a virus, then they start a FUD [fear, uncertainty and doubt] factory of misinformation, and finally they turn loose the REAL virus (called their anti-virus software) on the newly paranoid Mac users they stirred up," a user wrote on the Macfixit Apple enthusiasts' website.
Do you agree?
I think I'd rather have a virus than Sophos AV
I mean, which one would do more damage?
Posted by My name is Earl, 22 Feb 2006
It screwed my system
Tuesday morning, my Sophos software claimed my Mac was infected with Inqtana-B. My IT guy came and ran a full scan with the option of deleting the infected files. 2 hours and 1200 deleted files later, my system was crap. No Adobe, Macromedia, or Microsoft apps would run, and even the Mac OS didn't know how to re-install applications (didn't know what to do with an mpkg). IT guys ended up wiping the entire hard drive and reinstalling OS X. Thanks Sophos!
Posted by Mac Fan, 23 Feb 2006
I just laughed so much I nearly choked on my cornflakes
First of all, MacFan, fire your "IT guy" as he is obviously completely clueless. Who on earth would run AV software with the delete function set and not quarantine!
Secondly, those of you that claim that Sophos cry wolf and make the viruses themselves, well, you are just completely nuts, I am afraid.
In over 10 years of using and selling Sophos AV I have never seen a single false positive, let alone one on the magnitude of this one, this has been really unfortunate and I am sure internally someone in Quality Assurance at the company will lose their job over this.
Companies like Sophos are under immense pressures to protect their client bases as quickly as possible, especially as the time between a vulnerability being found and being exploited has dropped to, in some cases, hours, and the speed that some viruses spread is frightening.
I think sadly those idiots that write viruses will place more attention on the Mac OS in the future as it becomes more popular as a desktop OS. If you think these virus companies are here to hurt you then don't bother with any AV; personally I do trust them.
Posted by xplodenet.com, 26 Feb 2006
Understatement of the year
These are not the only items it marked as "infected". Nearly every plug-in on my system was deemed infected. On top of that, every printer PPD, iTunes files, you name it. To say it was only Microsoft Office and Adobe is a drastic understatement.
Posted by Kelly, 22 Feb 2006
Caution is wise, but virus vendors have a clear self-interest
It would be unwise to expect no security threats ever to any OS, but I have to confess that I see companies like Sophos, Symantec, F-Secure, etc as functionally equivalent to botnets, hackers, adware and spyware vendors, etc. For about four years now they have been making SUCH A FUSS about THREATS TO OSX, yet in that period not a single thing happened. They are guilty of crying wolf so often, methinks they doth protest too much. It's quite clear that they see the Mac market as largely untapped, and they feel they deserve those dollars. So they make daily announcements meant to terrify all of us to rush to their products. It's so incredibly transparent that they are operating to a vested interest, and if I were them I'd be incredibly concerned about my company's public image.
Unless these organizations can find a measured, industry-accepted standards-based way to improve their credibility, I think they may actually be more of a threat to us, as they produce so much background noise we may actually miss out, or dismiss a real event when it comes along.
Posted by Philip Owens, 22 Feb 2006